Summary
phpMyAdmin creates temporary directories and files in an insecure way.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successful attacks may corrupt data or cause denial-of-service conditions. Other unspecified attacks are also possible.
This issue affects phpMyAdmin 2.11.x (prior to 2.11.10).
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
- CVE: CVE-2008-7251, CVE-2008-7252
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C